Quantifying identifiability to choose and audit ϵ in differentially private deep learning

Bernau, Daniel; Eibl, Günther; Grassal, Philip-William; Keller, Hannah; Kerschbaum, Florian

doi:10.14778/3484224.3484231

Cited by 5 publications

(1 citation statement)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…DP formulates a privacy bound on the ratio of probability distributions around D and D resulting from a mechanism. The privacy bound holds for an adversary with auxiliary knowledge of up to all but one record in the dataset [44,45]. Yeom et al [32] demonstrate that the privacy bound can be transformed into an upper bound on the membership advantage of an MI adversary.…”

Section: Privacy Metrics and Boundsmentioning

confidence: 99%

On the Privacy–Utility Trade-Off in Differentially Private Hierarchical Text Classification

Dominik¹,

Bernau²,

Aldà³

et al. 2022

Applied Sciences

Self Cite

View full text Add to dashboard Cite

Hierarchical text classification consists of classifying text documents into a hierarchy of classes and sub-classes. Although Artificial Neural Networks have proved useful to perform this task, unfortunately, they can leak training data information to adversaries due to training data memorization. Using differential privacy during model training can mitigate leakage attacks against trained models, enabling the models to be shared safely at the cost of reduced model accuracy. This work investigates the privacy–utility trade-off in hierarchical text classification with differential privacy guarantees, and it identifies neural network architectures that offer superior trade-offs. To this end, we use a white-box membership inference attack to empirically assess the information leakage of three widely used neural network architectures. We show that large differential privacy parameters already suffice to completely mitigate membership inference attacks, thus resulting only in a moderate decrease in model utility. More specifically, for large datasets with long texts, we observed Transformer-based models to achieve an overall favorable privacy–utility trade-off, while for smaller datasets with shorter texts, convolutional neural networks are preferable.

show abstract

Section: Privacy Metrics and Boundsmentioning

confidence: 99%

On the Privacy–Utility Trade-Off in Differentially Private Hierarchical Text Classification

Dominik¹,

Bernau²,

Aldà³

et al. 2022

Applied Sciences

Self Cite

View full text Add to dashboard Cite

show abstract

Secure Decentralized Image Classification With Multiparty Homomorphic Encryption

Guo

et al. 2023

IEEE Trans. Circuits Syst. Video Technol.

View full text Add to dashboard Cite

Membership Inference Attacks and Defenses in Federated Learning: A Survey

Bai,

Hu,

et al. 2024

ACM Comput. Surv.

View full text Add to dashboard Cite

Federated learning is a decentralized machine learning approach where clients train models locally and share model updates to develop a global model. This enables low-resource devices to collaboratively build a high-quality model without requiring direct access to the raw training data. However, despite only sharing model updates, federated learning still faces several privacy vulnerabilities. One of the key threats is membership inference attacks, which target clients’ privacy by determining whether a specific example is part of the training set. These attacks can compromise sensitive information in real-world applications, such as medical diagnoses within a healthcare system. Although there has been extensive research on membership inference attacks, a comprehensive and up-to-date survey specifically focused on it within federated learning is still absent. To fill this gap, we categorize and summarize membership inference attacks and their corresponding defense strategies based on their characteristics in this setting. We introduce a unique taxonomy of existing attack research and provide a systematic overview of various countermeasures. For these studies, we thoroughly analyze the strengths and weaknesses of different approaches. Finally, we identify and discuss key future research directions for readers interested in advancing the field.

show abstract

Quantifying identifiability to choose and audit ϵ in differentially private deep learning

Cited by 5 publications

References 27 publications

On the Privacy–Utility Trade-Off in Differentially Private Hierarchical Text Classification

On the Privacy–Utility Trade-Off in Differentially Private Hierarchical Text Classification

Secure Decentralized Image Classification With Multiparty Homomorphic Encryption

Membership Inference Attacks and Defenses in Federated Learning: A Survey

Contact Info

Product

Resources

About